[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN107994993B - Application program detection method and device - Google Patents

Application program detection method and device Download PDF

Info

Publication number
CN107994993B
CN107994993B CN201711167093.7A CN201711167093A CN107994993B CN 107994993 B CN107994993 B CN 107994993B CN 201711167093 A CN201711167093 A CN 201711167093A CN 107994993 B CN107994993 B CN 107994993B
Authority
CN
China
Prior art keywords
signature
signed
application program
certificate
channel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201711167093.7A
Other languages
Chinese (zh)
Other versions
CN107994993A (en
Inventor
孔庆龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201711167093.7A priority Critical patent/CN107994993B/en
Publication of CN107994993A publication Critical patent/CN107994993A/en
Application granted granted Critical
Publication of CN107994993B publication Critical patent/CN107994993B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Quality & Reliability (AREA)
  • Stored Programmes (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an application program detection method and device, relates to the technical field of network security, and mainly aims to improve the development efficiency of an application program by developing time and development cost, wherein the method comprises the following steps: when an application program is developed, acquiring a signature certificate of the self-signature of the application program and a plurality of channel information; performing digital signature on the signature certificate by using a digital certificate issued by a third-party authentication service institution; and packaging and generating a plurality of signed channel installation packages corresponding to the application program according to the signed certificate, the plurality of channel information and a preset mutual signature rule. The method is suitable for detecting the application program.

Description

Application program detection method and device
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a method and an apparatus for detecting an application program.
Background
The malicious code is embedded in the development link of the application program, or the malicious code is embedded by tampering with the normal application program, which is the main means for making the malicious program at present. The application program is digitally signed by adopting a code signing certificate issued by a third-party electronic authentication service authority (CA) established by law, so that the identity of a developer can be ensured to be authentic and credible, and the digital signature has legal effectiveness. The digital signature technology can effectively prevent the application program from being illegally tampered, effectively trace the source of the developer of the application program, and prevent and attack malicious application programs. In practical applications, in order to increase the popularization and use of the application program, the application program developer usually distributes the application program to a plurality of channels for the user to download and install. In order to count the situation of popularization of the application program in each channel in the later period and optimize the popularization strategy of the application program, a developer of the application program can distinguish each channel of the application program, namely, a channel installation package is generated for each channel.
At present, when an application program is developed, a plurality of channel installation packages of the application program are generally first packaged to generate, and then each channel installation package is digitally signed, so that the application program is subsequently identified. However, a developer develops many application programs and many channels corresponding to the application programs, and performing a digital signature process on each channel installation package wastes much development time and development cost, resulting in low development efficiency of the application programs.
Disclosure of Invention
In view of this, the present invention provides a method and an apparatus for detecting an application program, and mainly aims to improve development efficiency of the application program by enabling development time and development cost.
According to a first aspect of the present invention, there is provided an application detection method, including:
when an application program is developed, acquiring a signature certificate of the self-signature of the application program and a plurality of channel information;
performing digital signature on the signature certificate by using a digital certificate issued by a third-party authentication service institution;
and packaging and generating a plurality of signed channel installation packages corresponding to the application program according to the signed certificate, the plurality of channel information and a preset mutual signature rule.
According to a second aspect of the present invention, there is provided an application detection apparatus comprising:
the device comprises an acquisition unit, a verification unit and a verification unit, wherein the acquisition unit is used for acquiring a signature certificate of the self-signature of the application program and a plurality of channel information when the application program is developed;
the signature unit is used for digitally signing the signature certificate by using the digital certificate signed by the third-party certification service authority;
and the generating unit is used for generating a plurality of signed channel installation packages corresponding to the application program in a packaging manner according to the signed certificate, the plurality of channel information and a preset mutual signature rule.
According to a third aspect of the present invention, there is provided a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
when an application program is developed, acquiring a signature certificate of the self-signature of the application program and a plurality of channel information;
performing digital signature on the signature certificate by using a digital certificate issued by a third-party authentication service institution;
and packaging and generating a plurality of signed channel installation packages corresponding to the application program according to the signed certificate, the plurality of channel information and a preset mutual signature rule.
According to a fourth aspect of the present invention, there is provided an application detection apparatus, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the program:
when an application program is developed, acquiring a signature certificate of the self-signature of the application program and a plurality of channel information;
performing digital signature on the signature certificate by using a digital certificate issued by a third-party authentication service institution;
and packaging and generating a plurality of signed channel installation packages corresponding to the application program according to the signed certificate, the plurality of channel information and a preset mutual signature rule.
The invention provides an application program detection method and a device, compared with the prior art that when an application program is developed, a plurality of channel installation packages of the application program are packaged and generated, and then each channel installation package is subjected to a signature process, the invention obtains a signature certificate and a plurality of channel information of the self-signature of the application program, utilizes a digital certificate issued by a third-party authentication service authority to digitally sign the signature certificate, then packages and generates a plurality of signed channel installation packages of the application program according to the signed certificate, the plurality of channel information and a preset mutual signature rule, can realize the mutual authentication of the signature certificate of the self-signature of the application program and the digital certificate of the third-party authentication service authority to form an authentication chain, thereby realizing the completion of the digital signature of the plurality of channel installation packages through one-time signature without performing a digital signature process for each channel installation package, the development process of the application program is simplified, and the development time of the application program is shortened, so that the development efficiency of the application program is improved.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flow chart of an application detection method according to an embodiment of the present invention;
FIG. 2 is a flow chart of another application detection method provided by the embodiment of the invention;
FIG. 3 is a diagram illustrating mutual signing of a digital certificate and a signed certificate provided by an embodiment of the present invention;
fig. 4 is a schematic structural diagram illustrating an application detection apparatus according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of another application detection apparatus provided in an embodiment of the present invention;
fig. 6 is a schematic entity structure diagram of an application detection apparatus according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As described in the background, currently, in application development, a plurality of channel installation packages of an application are generally generated by packaging, and then each channel installation package is digitally signed. However, a developer develops many application programs and many channels corresponding to the application programs, and performing a digital signature process on each channel installation package wastes much development time and development cost, resulting in low development efficiency of the application programs.
In order to solve the above technical problem, an embodiment of the present invention provides an application detection method, as shown in fig. 1, the method includes:
101. and when the application program is developed, acquiring a signature certificate of the self-signature of the application program and a plurality of channel information.
In order to ensure the security of user information, an operating system of the mobile terminal requires that all application programs can be installed only after digital signature, if no digital signature is available, the system does not allow the application programs to be installed and run, and the self-signed signature certificate of the application programs can be a certificate for a developer to sign the application programs, can be used for self-certification of the application programs, and can identify the developers of the application programs and establish a trust relationship between the application programs. The developer may obtain a self-signed signature certificate by using a digital certificate related mechanism or a signature tool to put the signature certificate on the application program through the operating system.
102. And digitally signing the signature certificate by using the digital certificate issued by the third-party authentication service authority.
The digital certificate may be a file digitally signed by a third party certification service authority and containing public key owner information and a public key, that is, the file is issued after the third party certification service authority verifies the identity of the developer of the application program. Specifically, the private key corresponding to the signature certificate may be owned by the developer, the digital certificate may be signed by the private key corresponding to the signature certificate, after the digital certificate is signed, a public key may be assigned to the third-party certificate service authority, and the formed signed certificate is sent to the third-party certificate service authority, so that trust can be established between the developer and the third-party certificate service authority.
103. And packaging and generating a plurality of signed channel installation packages corresponding to the application program according to the signed certificate, the plurality of channel information and a preset mutual signature rule.
It should be noted that the preset mutual signature rule may be a rule that the signature certificate and the digital certificate mutually sign. The mutual signature rule developer and the third-party certification service organization are preset to establish a trust relationship, and the two parties can safely exchange signature public keys, namely, the private keys of the two parties are used for signing the other party, so that the two parties have cross certificates. Therefore, when a plurality of signed channel installation packages corresponding to the application program are generated subsequently, the signed certificate can be added to the resource catalog of the unsigned channel installation package, and then the unsigned channel installation package is automatically signed, so that the signed certificate is digitally signed by a private key in the unsigned channel installation package, and the signed certificate is protected by the signed certificate.
Compared with the prior art that a plurality of channel installation packages of an application program are packaged and generated during application program development, and then a signature process is respectively carried out on each channel installation package, the embodiment of the invention obtains a signature certificate and a plurality of channel information of the self-signature of the application program, utilizes a digital certificate signed by a third-party authentication service authority to carry out digital signature on the signature certificate, then packages and generates a plurality of channel installation packages of the application program according to the signed certificate, the plurality of channel information and a preset mutual signature rule, can realize mutual authentication of the signature certificate of the self-signature of the application program and the digital certificate of the third-party authentication service authority to form an authentication chain, thereby realizing the completion of the digital signature of the plurality of channel installation packages through one signature without carrying out a digital signature process on each channel installation package, the development process of the application program is simplified, and the development time of the application program is shortened, so that the development efficiency of the application program is improved.
Further, in order to better describe the above process of detecting the application, as a refinement and extension of the above embodiment, the embodiment of the present invention provides another method for detecting the application, as shown in fig. 2, but is not limited thereto, and specifically as follows:
201. and sending the digital certificate application data of the application program to a third-party authentication service organization.
And the service mechanism is used for verifying the identity of the developer according to the application data. The digital certificate application material may include identification material of the developer, a certificate service application form, an applicant's commitment, and the like. The developer may be an individual or an enterprise. Before the developer develops, the developer can apply for a third-party authentication service organization, after the identity of the developer is known, the third-party authentication service organization can distribute a public key for the developer, tie the public key with the identity information of the developer, sign the public key and form a digital certificate to be signed to the developer, and the digital certificate can also comprise the validity period of authentication.
For example, the issued digital certificate may be as follows:
program name: XXX
The developer: XXXXXX
The authentication service mechanism: XXXXXX
The certificate validity period is as follows: XX month XX day XX year to XX month XX day XX year.
202. And receiving the digital certificate issued by the service organization after the identity authentication of the developer is passed.
203. And when the application program is developed, acquiring a signature certificate of the self-signature of the application program and a plurality of channel information.
For the embodiment of the present invention, in order to obtain the self-signed signature certificate of the application program, the method may specifically generate the self-signed signature certificate of the application program by using a preset signature tool in a user-defined manner after the application program code is developed. The preset signature tool may be a signtool.
204. And carrying out digital signature on the public key corresponding to the signature certificate by using the private key of the digital certificate issued by the third-party authentication service organization.
It should be noted that, the process of digitally signing the public key corresponding to the signature certificate may be: firstly, calculating the abstract of the public key corresponding to the signature certificate, and then digitally signing the calculated abstract by using the private key of the issued digital certificate. For example, the digital certificate issued by the third-party certification service authority may be a certificate a, the signature certificate may be a certificate B, the digest of the certificate B may be sha256, the digest sha256 of the public key of the certificate B may be digitally signed by using a private key corresponding to the certificate a to obtain a signed certificate, and the signed certificate may be a signa.
205. And packaging the application program according to the plurality of channel information to generate a plurality of channel installation packages to be signed corresponding to the application program.
206. And respectively adding the signed certificates into the plurality of channel installation packages to be signed.
207. And signing the signed certificate through the private key of the signature certificate in the channel installation packages to be signed to generate the channel installation packages after signature.
In the embodiment of the present invention, the signed certificate may be stored in a resource directory of an installation package, so that the digital certificate may be connected to the signed certificate, and the self-signed certificate is a root certificate for a channel installation package of an application program, and an unsigned key in the channel installation package of the application program may be threaded together. Specifically, the channel installation package to be signed can be digitally signed automatically, so that the signed certificate is digitally signed through a private key in the channel installation package to be signed, the signed certificate is protected by the signed certificate, and the signed certificate and the digital certificate are mutually signed.
As shown in fig. 3, fig. 3 provides a schematic diagram of mutual signatures between the signing certificate and the digital certificate, where a digital certificate a issued by a third-party certificate service authority is issued after being verified by a series of certificate service authorities such as a root certificate service authority and an intermediate certificate service authority, specifically, the digital certificate a may be issued based on an x.509 international standard, and a signing certificate B may be generated by a developer in a customized manner according to a signing tool. Firstly, a signature certificate B can be digitally signed through a digital certificate A, then the signed certificate is stored in a resource directory in a channel installation package to be signed, and meanwhile, the channel installation package to be signed is automatically digitally signed through the signature certificate, so that the signed certificate is protected by the signature certificate, and therefore bidirectional verification can be formed.
208. And issuing the signed channel installation package to channels corresponding to the plurality of channel information respectively.
For the embodiment of the invention, the signed channel installation package is issued to each channel, so that the identity of the application program can be identified by verifying the signed channel installation package when the user downloads the application program.
It should be noted that, when the user downloads the application program, the security software may verify the signature information of the application program, if the security software detects that the application program is authenticated by the digital signature, the security software may prompt the user that the application program is authenticated by the digital signature and display the function of the detailed signature information of the application program to the user, and if the security software detects that the application program is not authenticated by the digital signature, the security software does not prompt the user with information. The user can determine to install the application program according to the prompt information, the operating system of the mobile terminal can perform signature authentication on the application program in the process of installing the application program, and if the application program passes the signature authentication, the user is prompted and an application program installation request is responded.
Compared with the prior art that a plurality of channel installation packages of an application program are generated by packaging and then a signature process is respectively carried out on each channel installation package when the application program is developed, the embodiment of the invention obtains the signature certificate and the channel information of the self-signature of the application program, utilizes the digital certificate signed by a third-party authentication service authority to carry out digital signature on the signature certificate, then packages and generates a plurality of signed channel installation packages of the application program according to the signed certificate, the channel information and the preset mutual signature rule, can realize the mutual authentication of the signature certificate of the self-signature of the application program and the digital certificate of the third-party authentication service authority to form an authentication chain, thereby realizing the completion of the digital signature of the channel installation packages by one-time signature without carrying out a digital signature process on each channel installation package, the development process of the application program is simplified, and the development time of the application program is shortened, so that the development efficiency of the application program is improved.
Further, as a specific implementation of fig. 1, an embodiment of the present invention provides an application detection apparatus, as shown in fig. 4, the apparatus includes: an acquisition unit 31, a signature unit 32, and a generation unit 33.
The obtaining unit 31 may be configured to obtain a signature certificate and a plurality of channel information of the self-signature of the application program when the application program is developed. The acquiring unit 31 is a main function module in the present apparatus that acquires a signature certificate of a self-signature of an application and a plurality of channel information at the time of application development.
The signature unit 32 may be configured to digitally sign the signature certificate by using a digital certificate issued by a third-party certification service authority. The signature unit 32 is a main functional module of the present apparatus that digitally signs the signature certificate using a digital certificate issued by a third-party certification service authority, and is also a core module of the present apparatus.
The generating unit 33 may be configured to generate a plurality of signed channel installation packages corresponding to the application program by packaging according to the signed certificate, the plurality of channel information, and a preset mutual signature rule. The generating unit 33 is configured to generate a plurality of signed channel installation packages corresponding to the application program by packaging according to the signed certificate, the plurality of channel information, and a preset mutual signature rule.
As shown in fig. 5, for the embodiment of the present invention, the preset mutual signature rule may be a rule that the signature certificate and the digital certificate sign mutually, and the generating unit 33 may include: a generation module 331 and an addition module 332.
The generating module 331 may be configured to perform a packaging process on the application program according to the plurality of channel information, and generate a plurality of channel installation packages to be signed corresponding to the application program.
The adding module 332 may be configured to add the signed certificates to the plurality of channel installation packages to be signed respectively.
The generating module 331 may be further configured to sign the signed certificate through a private key corresponding to the signature certificate in the plurality of channel installation packages to be signed, and generate the plurality of signed channel installation packages.
For the embodiment of the present invention, in order to enable an application to be used online, the apparatus further includes: an issue unit 34.
The publishing unit 34 may be configured to publish the signed channel installation package to channels corresponding to the plurality of channel information, so that when the user downloads the application program, the application program identity is identified by verifying the signed channel installation package.
For the embodiment of the present invention, in order to obtain the digital certificate issued by the third party certification service authority, the apparatus further includes: a transmitting unit 35 and a receiving unit 36.
The sending unit 35 may be configured to send digital certificate application information of the application program to the third-party authentication service authority, where the service authority is configured to verify an identity of a developer according to the application information;
the receiving unit 36 may be configured to receive a digital certificate issued by the service organization after the developer authentication is passed.
For the embodiment of the present invention, in order to obtain the signature certificate of the self-signature of the application program, the generating unit 33 may be further configured to generate the signature certificate of the self-signature of the application program by using a preset signature tool in a self-defined manner after the application program code is developed.
It should be noted that other corresponding descriptions of the functional modules related to the application detection apparatus provided in the embodiment of the present invention may refer to the corresponding description of the method shown in fig. 1, and are not described herein again.
Based on the method shown in fig. 1, correspondingly, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the following steps: when an application program is developed, acquiring a signature certificate of the self-signature of the application program and a plurality of channel information; performing digital signature on the signature certificate by using a digital certificate issued by a third-party authentication service institution; and packaging and generating a plurality of signed channel installation packages corresponding to the application program according to the signed certificate, the plurality of channel information and a preset mutual signature rule.
Based on the foregoing embodiments of the method shown in fig. 1 and the application detection apparatus shown in fig. 4, an embodiment of the present invention further provides an entity structure diagram of the application detection apparatus, as shown in fig. 6, where the apparatus includes: a processor 41, a memory 42, and a computer program stored on the memory 42 and executable on the processor, wherein the memory 42 and the processor 41 are both arranged on a bus 43 such that when the processor 41 executes the program, the following steps are performed: when an application program is developed, acquiring a signature certificate of the self-signature of the application program and a plurality of channel information; performing digital signature on the signature certificate by using a digital certificate issued by a third-party authentication service institution; and packaging and generating a plurality of signed channel installation packages corresponding to the application program according to the signed certificate, the plurality of channel information and a preset mutual signature rule. The device also includes: a bus 43 configured to couple the processor 41 and the memory 42.
According to the technical scheme, the signature certificate of the self-signature of the application program and the information of the plurality of channels can be obtained, the signature certificate is digitally signed by the digital certificate issued by the third-party authentication service authority, and then the channel installation packages of the plurality of signatures of the application program are generated by packaging according to the signed certificate, the information of the plurality of channels and the preset mutual signature rule.
The invention also provides the following technical scheme:
a1, an application program detection method, comprising:
when an application program is developed, acquiring a signature certificate of the self-signature of the application program and a plurality of channel information;
performing digital signature on the signature certificate by using a digital certificate issued by a third-party authentication service institution;
and packaging and generating a plurality of signed channel installation packages corresponding to the application program according to the signed certificate, the plurality of channel information and a preset mutual signature rule.
A2, the method as in a1, wherein the digitally signing the signed certificate with the digital certificate issued by the third party certification service authority specifically includes:
and carrying out digital signature on the public key corresponding to the signature certificate by using the private key of the digital certificate issued by the third-party authentication service organization.
A3, the method of A1, wherein the pre-set mutual signature rule is a rule that the signature certificate and the digital certificate mutually sign.
A4, the method according to any one of a1-A3, where the generating, by packaging according to the signed certificate, the plurality of channel information, and the preset mutual signature rule, the plurality of signed channel installation packages corresponding to the application program specifically includes:
packaging the application program according to the channel information to generate a plurality of channel installation packages to be signed corresponding to the application program;
respectively adding the signed certificates into the plurality of channel installation packages to be signed;
and signing the signed certificate through the private key of the signature certificate in the channel installation packages to be signed to generate the channel installation packages after signature.
A5, the method of A1, wherein after the packaging generates a plurality of signed channel installation packages corresponding to the application program, the method further comprises:
and issuing the signed channel installation package to channels corresponding to the plurality of channel information respectively so as to identify the identity of the application program by verifying the signed channel installation package when a user downloads the application program.
A6, the method of A1, the method further comprising, prior to obtaining the application self-signed signing certificate and the plurality of channel information at application development time:
sending digital certificate application data of the application program to the third-party authentication service mechanism, wherein the service mechanism is used for verifying the identity of a developer according to the application data;
and receiving the digital certificate issued by the service organization after the identity authentication of the developer is passed.
A7, the method as in a1, wherein the obtaining the self-signed signature certificate of the application program specifically includes:
and after the application program code development is finished, a signature certificate of the self-signature of the application program is generated by a preset signature tool in a self-defining mode.
B8, an application detection apparatus, comprising:
the device comprises an acquisition unit, a verification unit and a verification unit, wherein the acquisition unit is used for acquiring a signature certificate of the self-signature of the application program and a plurality of channel information when the application program is developed;
the signature unit is used for digitally signing the signature certificate by using the digital certificate signed by the third-party certification service authority;
and the generating unit is used for generating a plurality of signed channel installation packages corresponding to the application program in a packaging manner according to the signed certificate, the plurality of channel information and a preset mutual signature rule.
B9, the apparatus of B8, comprising:
and the signature unit is specifically used for digitally signing the public key corresponding to the digital certificate issued by the third-party authentication service authority by using the private key corresponding to the signature certificate.
B10, the device as in B8, the preset mutual signature rule is a rule that the signature certificate and the digital certificate mutually sign.
B11, the device of any one of B8-B10, the generating unit comprising:
the generation module is used for packaging the application program according to the plurality of channel information and generating a plurality of channel installation packages to be signed corresponding to the application program;
the adding module is used for respectively adding the signed certificates into the plurality of channel installation packages to be signed;
the generation module is further configured to sign the digital certificate through private keys in the plurality of channel installation packages to be signed, and generate the plurality of signed channel installation packages.
B12, the apparatus of B8, further comprising:
and the issuing unit is used for issuing the signed channel installation package to channels corresponding to the plurality of channel information respectively so as to identify the identity of the application program by verifying the signed channel installation package when the user downloads the application program.
B13, the apparatus of B8, further comprising:
the sending unit is used for sending the digital certificate application data of the application program to the third-party authentication service mechanism, and the service mechanism is used for verifying the identity of a developer according to the application data;
and the receiving unit is used for receiving the digital certificate issued by the service organization after the identity authentication of the developer is passed.
B14, device according to B8,
and the generation unit is also used for generating a self-signed signature certificate of the application program by utilizing a preset signature tool in a self-defining way after the application program code is developed.
C15, a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of:
when an application program is developed, acquiring a signature certificate of the self-signature of the application program and a plurality of channel information;
performing digital signature on the signature certificate by using a digital certificate issued by a third-party authentication service institution;
and packaging and generating a plurality of signed channel installation packages corresponding to the application program according to the signed certificate, the plurality of channel information and a preset mutual signature rule.
D16, an application detection device, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the program:
when an application program is developed, acquiring a signature certificate of the self-signature of the application program and a plurality of channel information;
performing digital signature on the signature certificate by using a digital certificate issued by a third-party authentication service institution;
and packaging and generating a plurality of signed channel installation packages corresponding to the application program according to the signed certificate, the plurality of channel information and a preset mutual signature rule.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It will be appreciated that the relevant features of the method and apparatus described above are referred to one another. In addition, "first", "second", and the like in the above embodiments are for distinguishing the embodiments, and do not represent merits of the embodiments.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in an application detection apparatus according to embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.

Claims (10)

1. An application detection method, comprising:
when an application program is developed, acquiring a signature certificate of the self-signature of the application program and a plurality of channel information;
performing digital signature on the signature certificate by using a digital certificate issued by a third-party authentication service institution;
packaging and generating a plurality of signed channel installation packages corresponding to the application program according to the signed certificate, the plurality of channel information and a preset mutual signature rule;
the digitally signing the signature certificate by using the digital certificate issued by the third-party certification service authority specifically includes:
carrying out digital signature on a public key corresponding to the signature certificate by using a private key of a digital certificate issued by a third-party authentication service organization;
the preset mutual signature rule is a rule that the signature certificate and the digital certificate sign mutually;
the method includes the steps of generating a plurality of signed channel installation packages corresponding to the application program in a packaging manner according to signed certificates, the plurality of channel information and preset mutual signature rules, and specifically includes the following steps:
packaging the application program according to the channel information to generate a plurality of channel installation packages to be signed corresponding to the application program;
respectively adding the signed certificates into the plurality of channel installation packages to be signed;
and signing the signed certificate through the private key of the signature certificate in the channel installation packages to be signed to generate the channel installation packages after signature.
2. The method of claim 1, wherein after the packaging generates a plurality of signed channel installation packages corresponding to the application, the method further comprises:
and issuing the signed channel installation package to channels corresponding to the plurality of channel information respectively so as to identify the identity of the application program by verifying the signed channel installation package when a user downloads the application program.
3. The method of claim 1, wherein before the obtaining the application self-signed signing certificate and the plurality of channel information at the time of application development, the method further comprises:
sending digital certificate application data of the application program to the third-party authentication service mechanism, wherein the service mechanism is used for verifying the identity of a developer according to the application data;
and receiving the digital certificate issued by the service organization after the identity authentication of the developer is passed.
4. The method according to claim 1, wherein the obtaining the signed certificate of the application self-signed specifically comprises:
and after the application program code development is finished, a signature certificate of the self-signature of the application program is generated by a preset signature tool in a self-defining mode.
5. An application detection apparatus, comprising:
the device comprises an acquisition unit, a verification unit and a verification unit, wherein the acquisition unit is used for acquiring a signature certificate of the self-signature of the application program and a plurality of channel information when the application program is developed;
the signature unit is used for digitally signing the signature certificate by using the digital certificate signed by the third-party certification service authority;
the generating unit is used for generating a plurality of signed channel installation packages corresponding to the application program in a packaging mode according to the signed certificate, the plurality of channel information and a preset mutual signature rule;
the signature unit is specifically used for digitally signing the public key corresponding to the digital certificate signed and issued by the third-party certification service authority by using the private key corresponding to the signature certificate;
the preset mutual signature rule is a rule that the signature certificate and the digital certificate sign mutually;
wherein the generating unit includes:
the generation module is used for packaging the application program according to the plurality of channel information and generating a plurality of channel installation packages to be signed corresponding to the application program;
the adding module is used for respectively adding the signed certificates into the plurality of channel installation packages to be signed;
the generation module is further configured to sign the digital certificate through private keys in the plurality of channel installation packages to be signed, and generate the plurality of signed channel installation packages.
6. The apparatus of claim 5, further comprising:
and the issuing unit is used for issuing the signed channel installation package to channels corresponding to the plurality of channel information respectively so as to identify the identity of the application program by verifying the signed channel installation package when the user downloads the application program.
7. The apparatus of claim 5, further comprising:
the sending unit is used for sending the digital certificate application data of the application program to the third-party authentication service mechanism, and the service mechanism is used for verifying the identity of a developer according to the application data;
and the receiving unit is used for receiving the digital certificate issued by the service organization after the identity authentication of the developer is passed.
8. The apparatus of claim 5,
and the generation unit is also used for generating a self-signed signature certificate of the application program by utilizing a preset signature tool in a self-defining way after the application program code is developed.
9. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 4.
10. An application detection apparatus comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the method of any one of claims 1 to 4 when executing the program.
CN201711167093.7A 2017-11-21 2017-11-21 Application program detection method and device Expired - Fee Related CN107994993B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711167093.7A CN107994993B (en) 2017-11-21 2017-11-21 Application program detection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711167093.7A CN107994993B (en) 2017-11-21 2017-11-21 Application program detection method and device

Publications (2)

Publication Number Publication Date
CN107994993A CN107994993A (en) 2018-05-04
CN107994993B true CN107994993B (en) 2021-10-08

Family

ID=62032405

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711167093.7A Expired - Fee Related CN107994993B (en) 2017-11-21 2017-11-21 Application program detection method and device

Country Status (1)

Country Link
CN (1) CN107994993B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020062233A1 (en) * 2018-09-30 2020-04-02 西门子股份公司 Method and apparatus for processing and deploying application program, and computer-readable medium
CN109617694B (en) * 2018-12-21 2021-10-26 网易(杭州)网络有限公司 Application program publishing method and device
CN109992953A (en) * 2019-02-18 2019-07-09 深圳壹账通智能科技有限公司 Digital certificate on block chain signs and issues, verification method, equipment, system and medium
CN111242761B (en) * 2019-12-31 2024-06-07 航天信息股份有限公司 Safe tax control system
CN111814136A (en) * 2020-06-30 2020-10-23 中国信息通信研究院 Android application signature and signature verification method and device, and signature verification system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103036678A (en) * 2011-09-29 2013-04-10 北京新媒传信科技有限公司 Symbian signature application authentication method and system
CN104156638A (en) * 2014-06-06 2014-11-19 国家计算机网络与信息安全管理中心 Implementation method of extended signature for Android system software
CN104899025A (en) * 2015-05-18 2015-09-09 北京奇虎科技有限公司 Method and device for generating channel package
CN106843962A (en) * 2017-01-19 2017-06-13 北京乐盟互动科技有限公司 One kind application packaging method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101740256B1 (en) * 2012-11-26 2017-06-09 한국전자통신연구원 Apparatus for mobile app integrity assurance and method thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103036678A (en) * 2011-09-29 2013-04-10 北京新媒传信科技有限公司 Symbian signature application authentication method and system
CN104156638A (en) * 2014-06-06 2014-11-19 国家计算机网络与信息安全管理中心 Implementation method of extended signature for Android system software
CN104899025A (en) * 2015-05-18 2015-09-09 北京奇虎科技有限公司 Method and device for generating channel package
CN106843962A (en) * 2017-01-19 2017-06-13 北京乐盟互动科技有限公司 One kind application packaging method and device

Also Published As

Publication number Publication date
CN107994993A (en) 2018-05-04

Similar Documents

Publication Publication Date Title
CN107994993B (en) Application program detection method and device
CN103685138B (en) The authentication method of the Android platform application software that mobile interchange is online and system
US11514440B2 (en) Method for issuing authentication information and blockchain-based server using the same
CN107077557B (en) Method and device for releasing and verifying software application program
CN110443075B (en) Method and device for verifying and deploying block chain intelligent contracts
CN106899570B (en) The processing method of two dimensional code, apparatus and system
US10083291B2 (en) Automating internet of things security provisioning
CN107463806B (en) Signature and signature verification method for Android application program installation package
CN103905207B (en) Method and system for unifying APK signature
US20170330180A1 (en) Method for using and revoking authentication information and blockchain-based server using the same
CN108694330B (en) Internet of things data management method, platform and equipment
CN107146120B (en) Electronic invoice generation method and generation device
CN111538784B (en) Digital asset transaction method, device and storage medium based on blockchain
CN112165382B (en) Software authorization method and device, authorization server side and terminal equipment
CN111200589A (en) Data protection method and system for alliance chain
CN110677376A (en) Authentication method, related device and system and computer readable storage medium
CN107729746B (en) Installed application program tamper-proofing method and system based on digital signature
CN111460457A (en) Real estate property registration supervision method, device, electronic equipment and storage medium
CN111311258B (en) Block chain-based trusted transaction method, device, system, equipment and medium
JPWO2007094035A1 (en) Device, verification server, information processing server, device registration server, and information processing method
CN115378737B (en) Cross-domain device communication trust method, device, equipment and medium
CN108494565A (en) digital signature system and method
CN115796871A (en) Resource data processing method and device based on block chain and server
JP2011165221A (en) Equipment information transmitting method, equipment information transmitting device, equipment information transmitting program
Adelsbach et al. Secure software delivery and installation in embedded systems

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20211008

CF01 Termination of patent right due to non-payment of annual fee